The IPG Website Privacy Policy

Last Updated: Monday 18 May 2026

1. Introduction

This Privacy Policy explains how TheIPG Ltd. (“The IPG”, “we”, “us”, “our”) collects, uses, stores, shares and protects personal data when you interact with us, including through our website www.the-ipg.co.uk, our marketing activities, competitions, events, and when you engage with us as a tradesperson, member or supplier.

We are committed to protecting personal data in accordance with applicable data protection legislation, including:

  • The UK General Data Protection Regulation (“UK GDPR”)
  • The Data Protection Act 2018
  • The Privacy and Electronic Communications Regulations 2003 (“PECR”)
  • The Data (Use and Access) Act 2025 (“DUAA”), where applicable

This policy explains how we use personal data, your rights and how to contact us regarding privacy matters.

2. Who We Are

The IPG Ltd
Company No. 08749971

Registered office:
Unit 35
BizSpace
Courtwick Lane
Littlehampton
West Sussex
BN17 7TL

ICO Registration Number: ZA280769

For the purposes of UK GDPR, The IPG acts as a data controller in relation to the personal data described in this policy. In limited circumstances, we may also act as a data processor.

3. Data Protection Contact Details

We have appointed a Data Compliance Lead responsible for overseeing data protection and privacy matters.

Data Compliance Lead: Tom Cleverly
Email: data@the-ipg.co.uk

4. What Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data.

Tradespeople and Website Users

  • Name
  • Trade type
  • Business name
  • Email address
  • Telephone number
  • Postcode
  • Marketing preferences
  • Consent records
  • Competition entry information

Members and Suppliers

  • Contact details
  • Business information
  • Portal login credentials
  • Subscription and billing records
  • Communications and account history

Technical and Usage Data

  • Website usage information
  • Device and browser information
  • Cookie and consent preference data
  • Security and access logs where applicable

We do not knowingly collect special category personal data through our website.

5. How We Collect Personal Data

We collect personal data in the following ways:

  • When you complete forms on our website
  • When you enter competitions or prize draws
  • When you communicate with us by email, telephone or WhatsApp
  • When you engage with us at events or exhibitions
  • When members and suppliers access and use our Portal
  • Through cookies and similar technologies, subject to consent
  • Through interactions with our marketing communications

6. Lawful Bases for Processing

We only process personal data where we have a lawful basis under UK GDPR.

Activity Lawful Basis
Sending marketing communications Consent
Competition administration Legitimate interests and/or consent
Sharing data with participating members or suppliers Consent
Responding to enquiries Legitimate interests
Managing member and supplier accounts Contract
Billing and financial administration Legal obligation and contract
Website analytics and non-essential cookies Consent
Website security and fraud prevention Legitimate interests
Maintaining suppression lists Legal obligation and legitimate interests

Where we rely on legitimate interests as a lawful basis, we ensure our interests are balanced against the rights and freedoms of affected individuals.

7. Marketing Communications and PECR

We send electronic marketing communications in accordance with PECR and UK GDPR.

Marketing communications may include:

  • Email communications
  • Competition follow-ups
  • Promotional updates relating to The IPG and participating members or suppliers

We do not send marketing communications via WhatsApp.

Where required, we rely on explicit consent before sending marketing communications. Consent requests are presented separately from competition entry or other service-related activities.

You may withdraw your consent or unsubscribe from marketing communications at any time using the unsubscribe link provided in communications or by contacting us directly.

We maintain records of marketing consent preferences, including the source and date/time of consent where applicable.

Where individuals unsubscribe from marketing communications, their details may be retained on suppression lists to ensure future communications are not sent in error.

8. Competitions and Third-Party Data Sharing

When you enter competitions or promotional campaigns:

  • Entry is not conditional on consenting to marketing
  • Marketing consent requests are presented separately
  • Personal data is only shared with participating members or suppliers where consent has been provided
  • Participating members or suppliers may be identified at the point personal data is collected where appropriate

Where personal data is shared with members or suppliers, those organisations act as independent data controllers and are responsible for their own compliance with applicable data protection laws.

We may occasionally receive personal data from third-party partners or event organisers. In such cases, we rely on assurances that appropriate consent or lawful basis has been obtained.

We do not sell personal data.

9. Sharing Personal Data

We may share personal data with:

  • Trusted service providers acting on our behalf
  • Participating members and suppliers, where consent has been provided
  • Professional advisers
  • Regulators, authorities or law enforcement agencies where legally required

We use third-party providers to support our business operations, including:

  • HubSpot
  • Microsoft 365
  • Google Workspace
  • Campaign Monitor
  • Xero
  • Worldpay
  • DPD Local

These providers may process personal data on our behalf under appropriate contractual and security safeguards.

10. International Transfers

Some of our service providers may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we ensure appropriate safeguards are implemented in accordance with UK GDPR, including:

  • UK adequacy regulations
  • International Data Transfer Agreements (IDTAs)
  • The UK Addendum to Standard Contractual Clauses

We take reasonable steps to ensure personal data remains appropriately protected.

Further information may be obtained by contacting data@the-ipg.co.uk.

11. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected.

Typical retention periods include:

  • Website enquiries – up to 12 months
  • Marketing contacts – while consent remains active
  • Unsubscribed or inactive marketing contacts – up to 12 months before deletion
  • Competition records – while marketing consent remains active or until deletion is requested
  • Financial records – 6 years
  • Member and supplier records – retained in accordance with operational and legal requirements

Business communications and operational records may be retained where necessary for legal, security, administrative or compliance purposes.

Where personal data is anonymised, it is no longer treated as personal data under UK GDPR and may be retained for statistical or analytical purposes.

12. Security

We implement appropriate technical and organisational measures designed to protect personal data.

  • Individual user accounts and role-based access controls
  • Multi-factor authentication where available
  • Password-protected devices and systems
  • Restricted access to personal data
  • Security monitoring and breach reporting procedures

Access to personal data is limited to authorised individuals who require access for legitimate business purposes.

13. Personal Data Breaches

We maintain procedures for identifying, reporting and responding to personal data breaches.

Where required by law, we will notify the Information Commissioner’s Office and/or affected individuals within applicable legal timescales.

14. Your Rights

Under UK data protection law, you have the following rights in relation to your personal data:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing, including direct marketing
  • Right to withdraw consent where processing is based on consent

You may exercise these rights by contacting us at data@the-ipg.co.uk.

15. Subject Access Requests (DSARs)

You may request access to personal data we hold about you by contacting data@the-ipg.co.uk.

We may request proof of identity before responding to a request.

We aim to respond to valid requests within one calendar month, unless an extension is permitted under applicable law.

16. Data Protection Complaints

Under applicable data protection law, individuals have the right to raise concerns regarding how their personal data is handled.

Complaints relating to personal data, privacy rights or the handling of Subject Access Requests may be submitted by contacting:

Email: data@the-ipg.co.uk

We aim to acknowledge complaints within 30 days of receipt, investigate complaints appropriately and without undue delay, keep individuals informed where appropriate, and notify individuals of the outcome.

If you remain dissatisfied following our response, you have the right to lodge a complaint with the Information Commissioner’s Office.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

17. Automated Processing and AI Tools

We may use limited automated tools and artificial intelligence technologies to support marketing, administration, content creation and operational efficiency.

These may include systems such as:

  • ChatGPT
  • Microsoft Copilot
  • Google Gemini
  • Adobe Creative Cloud

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals.

18. Cookies

We use cookies and similar technologies on our website.

Non-essential cookies are only deployed where consent has been provided through our cookie consent platform.

  • Accept cookies
  • Reject non-essential cookies
  • Manage cookie preferences

Consent preferences can be updated at any time via our website cookie settings.

We use technologies including Google Analytics 4, YouTube embedded content, Google Maps and Google reCAPTCHA.

Further information is available in our separate Cookie Policy.

19. Children’s Data

Our services and marketing activities are not directed at individuals under the age of 18.

We do not knowingly collect personal data from children.

20. Changes to This Policy

We may update this Privacy Policy from time to time.

Any updates will be published on our website and will take effect from the published revision date.

21. Accessibility

This Privacy Policy is available in alternative formats upon request.